Since there was not enough time to tackle everything I had in the slides, I’d like to add two things I find important to know about.

TypoScript

First of all, I mentioned in the workshop that plain TypoScript could introduce security holes that are not that obvious at first sight. You can look that up in the slides or in an older post of mine. In the latter, I also mentioned that Jigal wrote an excellent article about how to securely build SQL queries with TypoScript when you really need string input from untrusted sources.

However, I would not recommend doing complicated queries with the TypoScript CONTENT object, especially not with user input involved. It is still hard to see what the resulting query would look like when writing the TypoScript, so it is very easy to overlook some (security-related) problems.

Flash messages view helper in Fluid

If you are developing Extbase extensions, you most likely know about and use flash messages.